Daily NCSC-FI news followup 2020-01-25
Kyberhäiriötilanteisiin kannattaa valmistautua jo etukäteen varautumista koskevat suositukset ja sääntely koottiin yhteen
www.epressi.com/tiedotteet/tietoturva/kyberhairiotilanteisiin-kannattaa-valmistautua-jo-etukateen-varautumista-koskevat-suositukset-ja-saantely-koottiin-yhteen.html Huoltovarmuusorganisaation Digipooli ja Tietoliikenteen ja tietotekniikan keskusliitto FiCom ry ovat julkaisseet suositukset kyberturvallisuudestaan huolehtiville yrityksille sekä IT- ja tietoturvapalveluiden tarjoajille. Suosituksia tarjoillaan kolmeen vaiheeseen: ennen sopimista, palvelun ylläpidossa ja häiriötilanteissa huomioitaviin asioihin.
Does Your Domain Have a Registry Lock?
krebsonsecurity.com/2020/01/does-your-domain-have-a-registry-lock/
Hackers target unpatched Citrix servers to deploy ransomware
www.zdnet.com/article/hackers-target-unpatched-citrix-servers-to-deploy-ransomware/ REvil ransomware gang has been spotted abusing Citrix bug to infect victims.
Nice Try: 501 (Ransomware) Not Implemented
www.fireeye.com/blog/threat-research/2020/01/nice-try-501-ransomware-not-implemented.html
NSA Releases Guidance on Mitigating Cloud Vulnerabilities
Russian Pleads Guilty to Running ‘CardPlanet’ to Sell Stolen Credit Cards
thehackernews.com/2020/01/russian-credit-card-hacker.html Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud.
Citrix Releases Final Patch as Ransomware Attacks Ramp Up
www.bleepingcomputer.com/news/security/citrix-releases-final-patch-as-ransomware-attacks-ramp-up/ Citrix released the final permanent fix for the actively exploited CVE-2019-19781 vulnerability, needed to secure all vulnerable Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.
New Ryuk Info Stealer Targets Government and Military Secrets
www.bleepingcomputer.com/news/security/new-ryuk-info-stealer-targets-government-and-military-secrets/ A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data.
DOS Exploit PoC Released for Critical Windows RDP Gateway Bugs
www.bleepingcomputer.com/news/security/dos-exploit-poc-released-for-critical-windows-rdp-gateway-bugs/ A proof-of-concept (PoC) denial of service exploit has been published by Danish security researcher Ollypwn for the CVE-2020-0609 and CVE-2020-0610 flaws affecting the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.
City of Potsdam Servers Offline Following Cyberattack
www.bleepingcomputer.com/news/security/city-of-potsdam-servers-offline-following-cyberattack/ The City of Potsdam severed the administration servers’ Internet connection following a cyberattack that took place earlier this week. Emergency services including the city’s fire department fully operational and payments are not affected.
U.S. Govt Agency Hit with New CARROTBALL Malware Dropper
www.bleepingcomputer.com/news/security/us-govt-agency-hit-with-new-carrotball-malware-dropper/ A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea.
